<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE topic
  PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
<topic id="topic1" xml:lang="en">
  <title id="gd143896">pg_authid</title>
  <body>
    <p>The <codeph>pg_authid</codeph> table contains information about database authorization
      identifiers (roles). A role subsumes the concepts of users and groups. A user is a role with
      the <codeph>rolcanlogin</codeph> flag set. Any role (with or without
        <codeph>rolcanlogin</codeph>) may have other roles as members. See <xref
        href="pg_auth_members.xml#topic1" type="topic" format="dita"/>. </p>
    <p>Since this catalog contains passwords, it must not be publicly readable. <xref
        href="./pg_roles.xml#topic1" type="topic" format="dita"/> is a publicly readable view on
        <codeph>pg_authid</codeph> that blanks out the password field.</p>
    <p>Because user identities are system-wide, <codeph>pg_authid</codeph> is shared across all
      databases in a Greenplum Database system: there is only one copy of
        <codeph>pg_authid</codeph> per system, not one per database.</p>
    <table id="gd143898">
      <title>pg_catalog.pg_authid</title>
      <tgroup cols="4">
        <colspec colnum="1" colname="col1" colwidth="131pt"/>
        <colspec colnum="2" colname="col2" colwidth="86pt"/>
        <colspec colnum="3" colname="col3" colwidth="85pt"/>
        <colspec colnum="4" colname="col4" colwidth="147pt"/>
        <thead>
          <row>
            <entry colname="col1">column</entry>
            <entry colname="col2">type</entry>
            <entry colname="col3">references</entry>
            <entry colname="col4">description</entry>
          </row>
        </thead>
        <tbody>
          <row>
            <entry colname="col1">
              <codeph>oid</codeph>
            </entry>
            <entry colname="col2">oid</entry>
            <entry colname="col3"/>
            <entry colname="col4">Row identifier (hidden attribute; must be explicitly selected)</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolname</codeph>
            </entry>
            <entry colname="col2">name</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role name</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolsuper</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role has superuser privileges</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolinherit</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role automatically inherits privileges of roles it is a member
              of</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreaterole</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may create more roles</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreatedb</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may create databases</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcatupdate</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may update system catalogs directly. (Even a superuser may
              not do this unless this column is true)</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcanlogin</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role may log in. That is, this role can be given as the initial
              session authorization identifier </entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolreplication</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Role is a replication role. That is, this role can initiate streaming
              replication and set/unset the system backup mode using <codeph>pg_start_backup</codeph>
              and <codeph>pg_stop_backup</codeph>.</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolconnlimit</codeph>
            </entry>
            <entry colname="col2">int4</entry>
            <entry colname="col3"/>
            <entry colname="col4">For roles that can log in, this sets maximum number of concurrent
              connections this role can make. <codeph>-1</codeph> means no limit</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolpassword</codeph>
            </entry>
            <entry colname="col2">text</entry>
            <entry colname="col3"/>
            <entry colname="col4">Password (possibly encrypted); NULL if none. If the password is
              encrypted, this column will begin with the string <codeph>md5</codeph> followed by a
              32-character hexadecimal MD5 hash. The MD5 hash will be the user's password concatenated
              to their user name. For example, if user <codeph>joe</codeph> has password
              <codeph>xyzzy</codeph>, Greenplum Database will store the md5 hash of
              <codeph>xyzzyjoe</codeph>. Greenplum assumes that a password that does not follow that
              format is unencrypted.</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolvaliduntil</codeph>
            </entry>
            <entry colname="col2">timestamptz</entry>
            <entry colname="col3"/>
            <entry colname="col4">Password expiry time (only used for password authentication); NULL
              if no expiration</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolresqueue</codeph>
            </entry>
            <entry colname="col2">oid</entry>
            <entry colname="col3"/>
            <entry colname="col4">Object ID of the associated resource queue ID in
                <i>pg_resqueue</i>
            </entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreaterextgpfd</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Privilege to create read external tables with the
                <codeph>gpfdist</codeph> or <codeph>gpfdists</codeph> protocol</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreaterexhttp</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Privilege to create read external tables with the
                <codeph>http</codeph> protocol </entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolcreatewextgpfd</codeph>
            </entry>
            <entry colname="col2">boolean</entry>
            <entry colname="col3"/>
            <entry colname="col4">Privilege to create write external tables with the
                <codeph>gpfdist</codeph> or <codeph>gpfdists</codeph> protocol</entry>
          </row>
          <row>
            <entry colname="col1">
              <codeph>rolresgroup</codeph>
            </entry>
            <entry colname="col2">oid</entry>
            <entry colname="col3"/>
            <entry colname="col4">Object ID of the associated resource group ID in
                <i>pg_resgroup</i>
            </entry>
          </row>
        </tbody>
      </tgroup>
    </table>
  </body>
</topic>
